Security Debt in EMEA Escalates Amid Rising Cyber Threat

Veracode, a global leader in application risk management, unveiled the EMEA snapshot of its annual State of Software Security (SoSS) 2024 report, which revealed worrying levels of security debt in organisations across Europe, the Middle East, and Africa.

Veracode’s research found that 68 percent of EMEA organisations harbour some level of security debt, while 46 percent have high-severity persistent flaws in code, classified as ‘critical’ security debt. These flaws represent the greatest risk to applications and are a ticking time bomb with the potential for catastrophic breaches.

In a world where every interaction with an application can be a potential entry point for cyber attackers, understanding and managing security debt is more crucial than ever. Security debt, defined for this report as software flaws that remain unfixed for longer than a year, can build up when developers lack time or resources to address potentially dangerous flaws. Over time, these flaws accumulate, making organizations increasingly vulnerable to attackers.

Chris Eng, Chief Research Officer at Veracode, said, “The findings of this year’s EMEA SoSS report are a wake-up call for organizations in the region. Businesses should have a laser focus on remediating critical security debt first, given these flaws present the highest risk.”

Developers tasked with triaging and fixing flaws manually often fall short in tackling growing security debt, with slow remediation timelines and poor prioritization to blame. Analysis of remediation timelines in EMEA found it takes organizations using manual methods an average of 19 months to remediate flaws in third-party code, compared to nine months for first-party code. With such a vast number of flaws to address, organizations must prioritize which vulnerabilities to fix first, starting with critical flaws.

When it comes to sources of security debt, the report found 84 percent of security debt overall comes from first-party code developed in-house. Meanwhile, 80 percent of critical security debt stems from third-party code, which often flies under the radar but can be just as dangerous for EMEA organizations. Crucially, the critical security debt statistic is considerably higher than the global rate of 65 percent.

Leveraging AI for Vulnerability Remediation

While AI code generators are increasingly used by developers to create software because of the speed and efficiency they bring, they don’t always produce secure code. Indeed, recent research found 36 percent of code generated by the AI-powered GitHub Copilot tool contained security flaws.

AI can also be used to burn down security debt, supporting developers and security teams by dramatically reducing the time to fix vulnerabilities. Eng said, “AI-powered remediation tools can save teams a significant amount of time by automating fix recommendations and tackling flaws at scale. For example, our AI-powered remediation solution, Veracode Fix, has slashed fix times for common vulnerabilities from days to minutes, significantly enhancing developer productivity.”

Mitigating Security Debt in a Complex Environment

With three fifths (60 percent) of all flaws in EMEA organizations being neither security debt (older than a year) nor critical severity, it becomes easier and more manageable for developers to focus on the four percent that is both high severity and more than a year old, the critical security debt that constitutes the highest risk. Once that is addressed, organizations can go on to tackle non-critical security debt or more recent critical flaws, based on their risk tolerance and capabilities.
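The prioritization rule above (bucket every open flaw by age and severity, fix critical security debt first, then the remaining buckets according to risk tolerance) is simple enough to apply directly to a scanner export. The following is an added example, not code from the report or from Veracode; it uses the report's one-year definition of security debt and assumes, as a labelled choice, that severities of "high" and above count as critical. The sample findings are constructed, not real scan data.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date, timedelta

# The report defines security debt as a flaw left unfixed for longer than a year.
DEBT_AGE_DAYS = 365
# Assumption (not from the report): these severities count as "critical".
CRITICAL_SEVERITIES = {"very high", "high"}


@dataclass(frozen=True)
class Finding:
    id: str
    severity: str     # e.g. "very high", "high", "medium", "low"
    first_seen: date  # date the scanner first reported the flaw
    origin: str       # "first-party" or "third-party"


def classify(finding: Finding, today: date) -> str:
    """Place a finding into one of four buckets by age and severity."""
    is_debt = (today - finding.first_seen).days > DEBT_AGE_DAYS
    is_critical = finding.severity.lower() in CRITICAL_SEVERITIES
    if is_debt and is_critical:
        return "critical debt"
    if is_debt:
        return "non-critical debt"
    if is_critical:
        return "recent critical"
    return "recent non-critical"


# Critical debt always comes first, as the report recommends. Whether non-critical
# debt or recent critical flaws come next is a risk-tolerance decision, so the
# order is a parameter rather than hard-coded.
DEFAULT_ORDER = ("critical debt", "recent critical",
                 "non-critical debt", "recent non-critical")


def prioritize(findings, today, order=DEFAULT_ORDER):
    """Return findings sorted by bucket, oldest first within each bucket."""
    rank = {bucket: i for i, bucket in enumerate(order)}
    return sorted(findings, key=lambda f: (rank[classify(f, today)], f.first_seen))


def bucket_counts(findings, today):
    """How many findings fall into each bucket."""
    return Counter(classify(f, today) for f in findings)


def third_party_share_of_critical_debt(findings, today):
    """Fraction of critical security debt that sits in third-party code (0.0 if none)."""
    crit = [f for f in findings if classify(f, today) == "critical debt"]
    if not crit:
        return 0.0
    return sum(f.origin == "third-party" for f in crit) / len(crit)


# Constructed sample findings for illustration only.
TODAY = date(2024, 6, 1)
SAMPLE = [
    Finding("F-1", "high",      TODAY - timedelta(days=500), "third-party"),
    Finding("F-2", "medium",    TODAY - timedelta(days=400), "first-party"),
    Finding("F-3", "high",      TODAY - timedelta(days=30),  "first-party"),
    Finding("F-4", "low",       TODAY - timedelta(days=10),  "first-party"),
    Finding("F-5", "very high", TODAY - timedelta(days=800), "third-party"),
    Finding("F-6", "high",      TODAY - timedelta(days=366), "first-party"),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE, TODAY):
        print(f"{f.id:5} {classify(f, TODAY):20} {f.severity:10} {f.origin}")
    print(dict(bucket_counts(SAMPLE, TODAY)))
    print(f"third-party share of critical debt: "
          f"{third_party_share_of_critical_debt(SAMPLE, TODAY):.0%}")
```

Note the boundary: a flaw first seen exactly 365 days ago is not yet debt under the "longer than a year" definition, and a high-severity flaw first seen 366 days ago is. Running the split by origin over real scan data is how you reproduce the report's observation that most critical debt lives in third-party code, which is the bucket with the slowest remediation timelines.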

For those seeking prioritization guidance on security debt, Application Security Posture Management (ASPM) tools can continuously track risk through the collection, analysis and prioritization of security issues across the software development lifecycle.

ASPM tools have become more popular as they offer a comprehensive, unified view of risk across application stacks, and facilitate the remediation of issues. Longbow, powered by Veracode, delivers ASPM to get to the root cause of the issue through contextual analysis and suggests the best next actions to reduce the most risk with the least amount of effort.

Eng closed, “The prevalence of security debt among EMEA organizations highlights the need for immediate action to protect businesses against future breaches. Security leaders and developers should focus on patching the most critical flaws that introduce the most risk given their context. AI-powered security solutions that scale remediation efforts will enable teams to tackle their growing security debt more efficiently and reduce the amount of time vulnerabilities can be exploited.”

The SoSS EMEA snapshot is available to download on the Veracode website. To access the full State of Software Security 2024 report and gain deeper insights into the findings and recommendations, visit the website.
